eBPFGuard: a Rust Library for Mitigation of Threats Using LSM Hooks

Deepfence has introduced eBPFGuard, its open-source Rust library and tool, into its commercial product, ThreatStryker, for threat detection and mitigation. By integrating eBPFGuard, Deepfence aims to provide an advanced and robust solution for users seeking protection from increasingly complex and sophisticated cyber threats. eBPFGuard can selectively block specific kernel function calls based on user-defined policies, without direct intervention from the kernel, providing greater efficiency while mitigating potential security issues. eBPFGuard also comes with a host of features, including management of the eBPF programs' lifecycle, kernel version independence, and intelligent alerting on policy enforcement. In addition, eBPFGuard's use of eBPF programs attached to LSM hooks enables custom policies, reducing the overall attack surface.

https://www.deepfence.io/blog/ebpfguard-a-library-for-inline-mitigation-of-threats
